## NOTE:
## This config file overrides data/configs/cluster.hocon,
## and is merged with environment variables which start with 'EMQX_' prefix.
##
## Config changes made from EMQX dashboard UI, management HTTP API, or CLI
## are stored in data/configs/cluster.hocon.
## To avoid confusion, please do not store the same configs in both files.
##
## See https://www.emqx.io/docs/en/v5.0/configuration/configuration.html for more details.
## Configuration full example can be found in etc/examples

node {
  name = "emqx@{{ ansible_default_ipv4.address }}"
  cookie = "{{ emqx_cookie }}"
  data_dir = "data"
}

cluster {
  name = {{ emqx_cluster_name }}
  discovery_strategy = dns
  dns {
    name = "{{ emqx_dns_name }}"
    record_type = a
  }
}

dashboard {
    listeners.http {
        bind = 18083
    }
}

authentication = [
  {
    backend = mysql
    database = {{ emqx_auth_db }}
    enable = true
    mechanism = password_based
    password = "{{ emqx_auth_db_password }}"
    password_hash_algorithm {name = sha256, salt_position = suffix}
    pool_size = 8
    query = "SELECT password_hash, salt FROM mqtt_user where username = ${username} LIMIT 1"
    query_timeout = 5s
    server = "{{ emqx_auth_db_server }}"
    ssl {
      enable = false
    }
    username = {{ emqx_auth_db_user }}
  }
]

authorization {
  cache {
    enable = true
    excludes = []
    max_size = 32
    ttl = 1m
  }
  deny_action = ignore
  no_match = allow
  sources = [
    {
      database = {{ emqx_auth_db }}
      password = "{{ emqx_auth_db_password }}"
      pool_size = 8
      query = "SELECT action, permission, topic FROM mqtt_acl where username = ${username}"
      server = "{{ emqx_auth_db_server }}"
      ssl {enable = false, verify = verify_peer}
      type = mysql
      username = {{ emqx_auth_db_user }}
    },
    {
      enable = true
      path = "data/authz/acl.conf"
      type = file
    }
  ]
}